We have plans to remove support for displaying notes from debconf, since the vast majority of all debconf notes are inappropriate use of debconf. From what I can see, harden's notes fall into that category, though on the edge between appropriate and inappropriate use.
Work toward this goal so far has consisted of:
- Developing NEWS.Debian support, which eliminated 90% of the appropriate
use of debconf notes.
- Adding support for proper error templates in debconf, for the packages
that need to use debconf to warn about an error condition.
- Removing support for emailing unseen notes, since it was getting
annoying to have all these useless low priority notes[1] cluttering up
mailboxes.
The current status is that I am aware of one completly legitimate use of
debconf notes (the note displayed by nobootloader in d-i on systems that
have no bootloader and need manual configuration to boot). This is the
only thing blocking complete removal of support for displaying notes
from debconf.
I expect we will find a solution to that and I'd encourage you to find
some way more appropriate to get your information to the user than
debconf notes. I suspect there are lots of possibilities you may have
not considered. For example, have you ever thought about making harden
run as a cron job and send email if it detects a new condition that the
user should be warned about, such as the user installing a new server that
needs to be hardened. Anyway, please consider debconf notes as something
that may stop being displayed at any time.
--
see shy jo
[1] Getting mailed a note saying "welcome to the configuration of
package foo" that you only see when you check the mail later is
a classic example of this.
signature.asc
Description: Digital signature
